On top of GDPR we now have NIS to worry about
As if the requirements and enforcement of the GDPR were not enough, the EU has also come up with another information security regulation, the Network and Information Systems (NIS) directive, which becomes law across the EU next May, at the same time as the GDPR.
The NIS directive is aimed at making sure that essential services such as water, energy, transport and health firms are safeguarded against hacking attempts. Public and private sector organisations that operate in these sectors will be required to protect themselves from cyber-attack and also show that they have a recovery strategy to cover power failures and environmental disasters.
Organisations could face fines of up to £17m or 4% of global turnover if they fail to put safeguards in place to protect themselves from cyber-attacks or fail to have demonstrable business recovery strategies. The UK government has just announced that the directive will apply in the UK and has launched a consultation on how this will operate in practice.
The NIS directive is designed to prevent the type of disruption that took place earlier this year when NHS services across England and Scotland were hit by the large-scale WannaCry cyber-attack that disrupted hospital and GP appointments. US water utilities also suffered disruptive attacks in 2016 and Ukraine’s electricity network was shut down in 2015.
The NIS directive will apply to operators in the supply chains that provide water and energy services, including oil and gas companies. It will also apply to digital infrastructure providers, health providers and transport infrastructure providers, including airport, port, road and rail operators.
Transputec has a range of services that we can provide under our Cyber-Security-as-a-Service offering, including external penetration testing and internal network threat analysis software. Put together, these leading-edge solutions offer 360° visibility of and protection against cyber threats and would guarantee to meet the cyber defence requirements of the NIS directive.
Please get in touch if you want to sign up for our free webinar programme on the current cyber threat landscape and how to mitigate it.
Head of Cyber Security - Transputec